Method forversatile content control

ABSTRACT

The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.60/638,804, filed Dec. 21, 2004, entitled, “Memory System with VersatileContent Control.” This application is further related to U.S. patentapplication Ser. No. ______, [Docket 382US2], entitled, “Memory Systemwith Versatile Content Control”; this application is further related toU.S. patent application Ser. No. ______ [Docket 382US3], entitled“Method Using Control Structure for Versatile Content Control”; thisapplication is further related to U.S. patent application Ser. No.______ [Docket 382US4], entitled “Control Structure for VersatileContent Control”; this application is further related to U.S. patentapplication Ser. No. ______ [Docket 382US5], entitled “Method forCreating Control Structure for Versatile Content Control”; thisapplication is further related to U.S. patent application Ser. No.______ [Docket 382US6], entitled “System for Creating Control Structurefor Versatile Content Control”; this application is further related toU.S. patent application Ser. No. ______ [Docket 382US7], entitled“Method for Versatile Content Control with Partitioning”; thisapplication is further related to U.S. patent application Ser. No.______ [Docket 382US8], entitled “Versatile Content Control withPartitioning”; all of which are filed on the same day as the presentapplication. These applications are incorporated in their entirety byreference as if fully set forth herein.

BACKGROUND OF THE INVENTION

This invention relates in general to memory systems, and in particularto a memory system with versatile content control features.

The computing device market is developing in the direction of includingcontent storage on mobile storage devices so as to increase the averagerevenue by generating more data exchanges. This means that the contentin a mobile storage medium has to be protected when used on a computingdevice. Content includes valuable data, which may be data owned by aparty other than the one that manufactures or sells the storage device.

One type of storage device with encryption capability is described inU.S. Pat. No. 6,457,126. The capability provided by this device, ishowever, quite limited. It is therefore desirable to provide a memorysystem with more versatile content control features.

SUMMARY OF THE INVENTION

The protection of content in a mobile storage medium can involve theencryption of data in the medium so that only authorized users orapplications have access to keys used for encrypting data stored in themedium. In some prior systems, the key used for encrypting anddecrypting data is stored in devices external to the mobile storagemedium. In such circumstances, the company or individual who ownsproprietary interest in the content may not have much control over theusage of the content in the medium. Since the key used for encryptingdata in the medium exists external to the medium, this key may be passedfrom one device to another in a manner not subject to control by thecontent proprietor. The owner of proprietor interest will be in thebetter position to control access to the content in the medium if theencryption-decryption key is stored in the medium itself andsubstantially inaccessible to external devices, according to one of thefeatures of the invention.

By making the key essentially inaccessible from outside the medium, thisfeature provides portability to secured content. Thus, the storagedevice containing secured content ciphered with such a key can be usedfor access by a variety of host devices without the danger of securitybreach, since the device has exclusive control of access to the key.Only those host devices with the proper credentials are able to accessthe key.

To enhance the commercial value of the content stored in the mobilestorage medium, it is desirable for the owner of proprietary interest inthe content to be able to grant different permissions to differententities for accessing the content. Therefore another feature of theinvention is based on the recognition that an access policy may bestored which grants different permissions (e.g. to different authorizedentities) for accessing data stored in the medium. A systemincorporating a combination of the two above features is particularlyadvantageous. On the one hand, the content owner or proprietor has theability to control access to the content by using keys that aresubstantially inaccessible to external devices and at the same time hasthe ability to grant different permissions for accessing content in themedium. Thus, even where external devices gain access, their access maystill be subject to the different permissions set by the content owneror proprietor recorded in the storage medium.

Yet another feature is based on the recognition that when theabove-described policy, where different permissions are granted todifferent authorized entities, is implemented in a flash memory, thisresults in a particularly useful medium for content protection.

Many storage devices are not aware of file systems while many computerhost devices read and write data in the form of files. According toanother feature, the host device provides a key reference or ID, whilethe memory system generates a key value in response which is associatedwith the key ID, where the key value is used in cryptographic processingdata in a file associated with the key ID. The host associates the keyID with the file to be processed cryptographically by the memory system.Thus the key ID is used by the computing device and memory as the handlethrough which the memory retains complete and exclusive control over thegeneration and use of the key value for cryptographic processes, whilethe host retains control of files.

In some mobile storage devices such as smart cards, the card controllermanages the file system. In many other types of mobile storage devices,such as flash memories, magnetic or optical discs, the device controlleris not aware of the file system; instead, the device controller relieson a host device (e.g. a personal computer, digital camera, MP3 player,personal digital assistants, cellular phones) to manage the file system.The various aspects of this invention may be readily incorporated intosuch types of storage devices where the device controller is not awareof the file system. This means that the various features of thisinvention may be practiced on a wide variety of existing mobile storagedevices without requiring a re-design of such devices to make the devicecontroller in such devices become aware of and able to manage the filesystem.

A tree structure stored in the storage medium provides control over whatan entity can do even after gaining access. Each of the nodes of thetree specifies permissions by an entity who has gained entry throughsuch node of the tree. Some trees have different levels, where thepermission or permissions at a node of the tree has a predeterminedrelationship to permission or permissions at another node at a higher orlower or the same level in the same tree. By requiring entities tocomply with the permissions so specified at each of the nodes, the treefeature of this application allows a content owner to control whichentities can take action, and which actions each of the entities cantake, irrespective of whether the tree has different levels.

To enhance the commercial value that can be provided by the mobilestorage medium, it is desirable for mobile storage devices to be capableof supporting more than one application simultaneously. When two or moreapplications are accessing the mobile storage device at the same time,it can be important to be able to separate the operations of the two ormore applications so that they do not interfere with one another in aphenomena referred to herein as crosstalk. Therefore another feature ofthe invention is based on the recognition that two or more trees whichare preferably hierarchical may be provided for controlling access tothe memory. Each tree comprises nodes at different levels forcontrolling access to data by a corresponding set of entities where anode of each tree specifies permission or permissions of thecorresponding entity or entities for accessing memory data. Thepermission or permissions at a node of each of the trees has apredetermined relationship to permission or permissions at another nodeat a higher or lower level in the same tree. Preferably, there is nocrosstalk between at least two of the trees.

From the above, it will be evident that trees are powerful structuresthat can be used for content security. One of the important controlsprovided is the control over the creation of trees. Thus, according toanother feature of the invention, the mobile storage device may beprovided with a system agent that is able to create at least onehierarchical tree comprising nodes at different levels for controllingaccess to data stored in the memory by corresponding entities. Each nodeof the tree specifies permission or permissions of a correspondingentity or entities for accessing memory data. The permission orpermissions at the node of each of the trees has a predeterminedrelationship to permission or permissions at nodes at a higher or loweror the same level in the same tree. Thus, the mobile storage devices maybe issued without any trees already created so that the purchaser of thedevices has a free hand in creating hierarchical trees adapted to theapplications the purchaser has in mind. Alternatively, the mobilestorage devices may also be issued with the trees already created sothat a purchaser does not have to go through the trouble of creating thetrees. In both situations, preferably certain functionalities of thetrees can become fixed after the devices are made so that they cannot befurther changed or altered. This provides greater control over access tothe content in the device by the content owner. Thus, in one embodiment,the system agent can preferably be disabled so that no additional treescan be created.

In some mobile storage devices, content protection is afforded bydividing the memory into separate areas where access to protected areasrequires prior authentication. While such feature does provide someprotection, it does not protect against a user who obtained a passwordby illicit means. Thus, another aspect of the invention is based on therecognition that a mechanism or structure may be provided to divide amemory into partitions and so that at least some data in the partitionscan be encrypted with a key, so that in addition to authentication thatis required for accessing some of the partitions, access to one or morekeys may be required to decrypt the encrypted data in such partitions.

In some applications, it may be more convenient to the user to be ableto log in the memory system using one application, and then be able touse different applications to access protected content without having tolog in again. In such event, all of the content that the user wishes toaccess in this manner may be associated with a first account, so thatall such content can be accessed via different applications (e.g. musicplayer, email, cellular communication etc.) without having to log inmultiple times. Then a different set of authentication information maythen be used for logging in to access protected content that is in anaccount different from the first account, even where the differentaccounts are for the same user or entity.

The above-described features may be used individually, or may becombined in any combination, in storage systems to provide greaterversatility of control and/or protection for the content owner.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a memory system in communication with thehost device useful for illustrating this invention.

FIG. 2 is a schematic view of different partitions of a memory and ofunencrypted and encrypted files stored in different partitions whereaccess to certain partitions and the encrypted files is controlled byaccess policies and authentication procedures to illustrate anembodiment of the invention.

FIG. 3 is a schematic view of a memory illustrating the differentpartitions in the memory.

FIG. 4 is a schematic view of file location tables for the differentpartitions of the memory shown in FIG. 3 where some of the files in thepartitions are encrypted to illustrate an embodiment of the invention.

FIG. 5 is a schematic view of access control records in an accesscontrolled record group and the associated key references to illustratean embodiment of the invention.

FIG. 6 is a schematic view of tree structures formed by accesscontrolled records groups and access controlled records to illustrate anembodiment of the invention.

FIG. 7 is a schematic diagram of a tree illustrating three hierarchicaltrees of access controlled record groups to illustrate a process offormation of the trees.

FIGS. 8A and 8B are flow charts illustrating the processes carried outby a host device and a memory device such as a memory card for creatingand using a system access control record.

FIG. 9 is a flow chart illustrating a process using a system accesscontrol record to create an access controlled record group to illustratethe invention.

FIG. 10 is a flow chart illustrating a process for creating an accesscontrol record.

FIG. 11 is a schematic view of two access control record groups usefulfor illustrating a particular application of the hierarchical tree.

FIG. 12 is a flow chart illustrating a process for delegation ofspecific rights.

FIG. 13 is a schematic view of an access controlled record group and anaccess control record to illustrate the process of delegation of FIG.12.

FIG. 14 is a flowchart illustrating the process for creating a key forthe purpose of encryption and/or decryption.

FIG. 15 is a flow chart illustrating a process for removing accessrights and/or permission for data access according to an accessedcontrolled record.

FIG. 16 is a flow chart illustrating a process for requesting accesswhen access rights and/or permission to access has been deleted or hasexpired.

FIGS. 17A and 17B are schematic views illustrating an organization of arule structure for authentication and policies for granting access tocryptographic keys to illustrate another embodiment of the invention.

FIG. 18 is a flow diagram illustrating sessions of authentication andaccess when some sessions are open.

FIG. 19-22 are flow charts illustrating different authenticationprocesses.

For simplicity in description, identical components are labeled by thesame numerals in this application.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

An example memory system in which the various aspects of the presentinvention may be implemented is illustrated by the block diagram ofFIG. 1. As shown in FIG. 1, the memory system 10 includes a centralprocessing unit (CPU) 12, a buffer management unit (BMU) 14, a hostinterface module (HIM) 16 and a flash interface module (FIM) 18, a flashmemory 20 and a peripheral access module (PAM) 22. Memory system 10communicates with a host device 24 through a host interface bus 26 andport 26 a. The flash memory 20 which may be of the NAND type, providesdata storage for the host device 24. The software code for CPU 12 mayalso be stored in flash memory 20. FIM 18 connects to the flash memory20 through a flash interface bus 28 and port 28 a. HIM 16 is suitablefor connection to a host system like a digital camera, personalcomputer, personal digital assistants (PDA), digital media players, MP-3players, cellular telephones or other digital devices. The peripheralaccess module 22 selects the appropriate controller module such as FIM,HIM and BMU for communication with the CPU 12. In one embodiment, all ofthe components of system 10 within the dotted line box may be enclosedin a single unit such as in memory card or stick 10′ and preferablyencapsulated.

While the invention is illustrated herein by reference to flashmemories, the invention may also be applicable to other types ofmemories, such as magnetic disks, optical CDs, as well as all othertypes of rewrite-able non volatile memory systems.

The buffer management unit 14 includes a host direct memory access(HDMA) 32, a flash direct memory access (FDMA) 34, an arbiter 36, abuffer random access memory (BRAM) 38 and a crypto-engine 40. Thearbiter 36 is a shared bus arbiter so that only one master or initiator(which can be HDMA 32, FDMA 34 or CPU 12) can be active at any time andthe slave or target is BRAM 38. The arbiter is responsible forchanneling the appropriate initiator request to the BRAM 38. The HDMA 32and FDMA 34 are responsible for data transported between the HIM 16, FIM18 and BRAM 38 or the CPU random access memory (CPU RAM)12 a. Theoperation of the HDMA 32 and of the FDMA 34 are conventional and neednot be described in detail herein. The BRAM 38 is used to store datapassed between the host device 24 and flash memory 20. The HDMA 32 andFDMA 34 are responsible for transferring the data between HIM 16/FIM 18and BRAM 38 or the CPU RAM 12 a and for indicating sector completion.

For improved security of the content stored in memory 20, memory system10 generates the key value(s) that are used for encryption and/ordecryption, where this value(s) is substantially not accessible toexternal devices such as host device 24. However, encryption anddecryption is typically done file by file, since the host device readsand writes data to memory system 10 in the form of files. Like manyother types of storage devices, memory device 10 is not aware of filesor file systems. While memory 20 does store a file allocation table(FAT) where the logical addresses of the files are identified, the FATis typically accessed and managed by the host device 24 and not by thecontroller 12. Therefore, in order to encrypt data in a particular file,the controller 12 will have to rely on the host device to send thelogical addresses of the data in the file in memory 20, so that the dataof the particular file can be found and encrypted and/or decrypted bysystem 10 using the key value(s) available only to system 10.

To provide a handle for both the host device 24 and memory system 10 torefer to the same key(s) for cryptographically processing data in files,the host device provides a reference for each of the key valuesgenerated by system 10, where such reference may simply be a key ID.Thus, the Host 24 associates each file that is cryptographicallyprocessed by system 10 with a key ID, and the system 10 associates eachkey value that is used to cryptographically process data with a key IDprovided by the host. Thus, when the host requests that a file becryptographically processed, it will send the request along with a keyID along with the logical addresses of data to be fetched from or storedin memory 20 to system 10. System 10 generates a key value andassociates the key ID provided by the host 24 with such value, andperforms the cryptographic processing. In this manner, no change needsto be made in the manner memory system 10 operates while allowing it tocompletely control the cryptographic processing using the key(s),including exclusive access to the key value(s). In other words, system10 continues to allow the host 24 to manage the files by havingexclusive control of FAT, while it maintains exclusive control for thegeneration and management of the key value(s) used for cryptographicprocessing. The host device 24 has no part in the generation andmanagement of the key value(s) used for cryptographic processing ofdata.

The key ID provided by the host 24 and the key value generated by thememory system form two attributes of a quantity referred to below as the“content encryption key” or CEK in one of the embodiments. While thehost 24 may associate each key ID with one or more files, host 24 mayalso associate each key ID with unorganized data or data organized inany manner, and not limited to data organized into complete files.

In order for a user or application to gain access to protected contentor area in system 10, it will need to be authenticated using acredential which is pre-registered with system 10. A credential is tiedto the access rights granted to the particular user or application withsuch credential. In the pre-registration process, system 10 stores arecord of the identity and credential of the user or application, andthe access rights associated with such identity and credentialdetermined by the user or application and provided through the host 24.After the pre-registration has been completed, when the user orapplication requests to write data to memory 20, it will need to providethrough the host device its identity and credential, a key ID forencrypting the data, and the logical addresses where the encrypted datais to be stored. System 10 generates a key value and associates thisvalue with the key ID provided by the host device, and stores in itsrecord or table for this user or application the key ID for the keyvalue used to encrypt the data to be written. It then encrypts the dataand stores the encrypted data at the addresses designated by the host aswell as the key value it generated.

When a user or application requests to read encrypted data from memory20, it will need to provide its identity and credential, the key ID forthe key previously used to encrypt the requested data, and the logicaladdresses where the encrypted data is stored. System 10 will then matchthe user or application identity and credential provided by the host tothose stored in its record. If they match, system 10 will then fetchfrom its memory the key value associated with the key ID provided by theuser or application, decrypt the data stored at the addresses designatedby the host device using the key value and send the decrypted data tothe user or application.

By separating the authentication credentials from the management of keysused for cryptographic processing, it is then possible to share rightsto access data without sharing credentials. Thus, a group of users orapplications with different credentials can have access to the same keysfor accessing the same data, while users outside this group have noaccess. While all users or applications within a group may have accessto the same data, they may still have different rights. Thus, some mayhave read only access, while others may have write access only, whilestill others may have both. Since system 10 maintains a record of theusers or application identities and credentials, the key IDs they haveaccess to, and the associated access rights to each of the key IDs, itis possible for system 10 to add or delete key IDs and alter accessrights associated with such key IDs for particular users orapplications, to delegate access rights from one user or application toanother, or even to delete or add records or tables for users orapplications, all as controlled by a properly authenticated host device.The record stored may specify that a secure channel is required foraccessing certain keys. Authentication may be done using symmetric orasymmetric algorithms as well as passwords.

Especially important is the portability of the secured content in thememory system 10. Since the key value is generated by the memory systemand substantially not available to external systems, when the memorysystem or a storage device incorporating the system is transferred fromone external system to another, security of the content stored thereinis maintained, and external systems are not able to access such contentunless they have been authenticated in a manner completely controlled bythe memory system. Even after being so authenticated, access is totallycontrolled by the memory system, and external systems can access only ina manner controlled according to preset records in the memory system. Ifa request does not comply with such records, the request will be denied.

To provide greater flexibility in protecting content, it is envisionedthat certain areas of the memory referred to below as partitions can beaccessed only by properly authenticated users or applications. Whencombined with the above described features of key-based data encryption,system 10 provides greater data protection capability. As shown in FIG.2, the flash memory 20 may have its storage capacity divided into anumber of partitions: a user area or partition and custom partitions.The user area or partition P0 is accessible to all users andapplications without authentication. While all bit values of data storedin the user area can be read or written to by any application or user,if the data read is encrypted, the user or application without authorityto decrypt would not be able to access the information represented bythe bit values stored in a user area. This is illustrated, for example,by files 102 and 104 stored in user area P0. Also stored in the userarea are unencrypted files such as 106 which can be read and understoodby all applications and users. Thus, symbolically, the files that areencrypted are shown with locks associated with them such as for files102 and 104.

While an encrypted file in a user area P0 cannot be understood byunauthorized applications or users, such applications or users may stillbe able to delete or corrupt the file, which may be undesirable for someapplications. For this purpose, memory 20 also includes protected custompartitions such as partitions P1 and P2 which cannot be accessed withoutprior authentication. The authentication process permitted in theembodiments in this application is explained below.

As also illustrated in FIG. 2, a variety of users or applications mayaccess the files in memory 20. Thus users 1 and 2, and applications 1-4(running on devices) are shown in FIG. 2. Before these entities areallowed to access protected content in memory 20, they are firstauthenticated by an authentication process in a manner explained below.In this process, the entity that is requesting access needs to beidentified at the host side for role based access control. Thus, theentity requesting access first identifies itself by supplyinginformation such as “I am application 2 and I wish to read file 1.”Controller 12 then matches the identity, authentication information andrequest against the record stored in memory 20 or controller 12. If allrequirements are met, access is then granted to such entity. Asillustrated in FIG. 2, user 1 is allowed to read from and write to file101 in partition P1, but can only read files 102 and 104 in addition touser 1 having unrestricted rights to read from and write to files 106 inP0. User 2, on the other hand, is not allowed access to file 101 and 104but has read and write access to file 102. As indicated in FIG. 2, users1 and 2 have the same login algorithm (AES) while applications 1 and 3have different login algorithms (e.g. RSA and 001001) which are alsodifferent from those of users 1 and 2.

The Secure Storage Application (SSA) is a security application of thememory system 10, and illustrates an embodiment of the invention, whichcan be used to implement many of the above-identified features. SSA maybe embodied as software or computer code with database stored in thememory 20 or a non-volatile memory (not shown) in CPU 12, and is readinto RAM 12 a and executed by CPU 12. The acronyms used in reference tothe SSA are set forth in the table below: Definitions, Acronyms &Abbreviations ACR Access Control Records AGP ACR Group CBC Chain BlockCipher CEK Content Encryption Key ECB Electronic Codebook ACAM ACRAttributes Management PCR Permissions Control Record SSA Secure StorageApplication Entity Any thing that has real and individual existence(host side) that logs in the SSA and thus utilizes its functionalities.SSA System Description

Data security, integrity and access control are the major roles of theSSA. The data are files that would otherwise be stored plainly on amass-storage device of some kind. The SSA system sits atop of thestorage system and adds the security layer for the stored host files.

The main task of the SSA is to manage the different rights associatedwith the stored (and secured) content in the memory. The memoryapplication needs to manage multiple users and content rights tomultiple stored content. Host applications from their side, see drivesand partitions that are visible to such applications, and fileallocation tables (FATs) that manage and portray the locations of thestored files on the storage device.

In this case the storage device uses NAND flash chip divided topartitions, although other mobile storage devices may also be used andare within the scope of this invention. These partitions are continuousthreads of logical addresses, where a start and an end address definetheir boundaries. Restrictions may therefore be imposed on access tohidden partitions, if desired, by means of software (such as softwarestored in memory 20) that associates such restrictions with theaddresses within such boundaries. Partitions are fully recognizable tothe SSA by their logical address boundaries that are managed by it. TheSSA system uses partitions to physically secure data from unauthorizedhost applications. To the host, the partitions are a mechanism ofdefining proprietary spaces in which to store data files. Thesepartitions can either be public, where anyone with access to the storagedevice can see and be aware of the partition's presence on the device,or private or hidden, where only the selected host applications haveaccess to and are aware of their presence in the storage device.

FIG. 3 is a schematic view of a memory illustrating the partitions ofthe memory: P0, P1, P2 and P3 (obviously fewer or more partitions thanfour may be employed), where P0 is a public partition which can beaccessed by any entity without authentication.

A private partition (such as P1, P2 or P3) hides the access to the fileswithin it. By preventing the host from accessing the partition, theflash device (e.g. flash card) delivers protection of the data filesinside the partition. This kind of protection, however, engulfs all ofthe files residing in the hidden partition by imposing restrictions onaccess to data stored at the logical addresses within the partition. Inother words, the restrictions are associated with a range of logicaladdresses. All of the users/hosts that have access to that partitionwill have unlimited access to all of the files inside. To isolatedifferent files from one another—or groups of files—the SSA systemprovides another level of security and integrity per file—or groups offiles—using keys and key references or Key IDs. A key reference or keyID of a particular key value used for encrypting data at differentmemory addresses can be analogized to a container or domain thatcontains the encrypted data. For this reason, in FIG. 4, the keyreferences or key IDs (e.g. “key 1” and “key 2”) are shown graphicallyas areas surrounding the files encrypted using the key values associatedwith the key IDs.

In reference to FIG. 4, for example, File A is accessible to allentities without any authentication, since it is shown as not enclosedby any key ID. Even though File B in the public partition can be read oroverwritten by all entities, it contains data encrypted with a key withID “key 1”, so that the information contained in File B is notaccessible to an entity unless such entity has access to such key. Inthis manner using key values and key references or Key IDs providelogical protection only, as opposed to the type of protection providedby the partition described above. Hence, any host that can access apartition (public or private) is capable of reading or writing the datain the entire partition, including the encrypted data. However, sincethe data is encrypted, unauthorized users can only corrupt it. Theypreferably cannot alter the data without detection or use it. Byrestricting the access to the encryption and/or decryption keys, thisfeature can allow only the authorized entities to use the data. Files Band C are also encrypted using a key with key ID “key 2” in P0.

Data confidentiality and integrity can be provided through symmetricencryption methods that use Content Encryption Keys (CEK), one per CEK.In the SSA embodiment, the CEKs are generated by the flash device (e.g.flash card), used internally only, and kept as secrets from the outsideworld. The data that is encrypted or ciphered may also be either hashedor the cipher is chain blocked to ensure data integrity.

Not all the data in the partition is encrypted by different keys andassociated with different key IDs. Certain logical addresses either inpublic or user files or in the operating system area (i.e. FAT) may notbe associated with any key or key reference, and thus are available toany entity that can access the partition itself.

An entity that calls for the ability to create keys and partitions aswell as writing and reading data from them or using the keys, needs tologin to the SSA system through an Access Control Record (ACR). Theprivileges of an ACR in the SSA system are called Actions. Every ACR mayhave Permissions to perform Actions of the following three categories:Creating partitions and keys/key IDs, accessing partitions and keys andcreating/updating other ACRs.

ACRs are organized in groups called ACR Groups or AGPs. Once an ACR hassuccessfully authenticated, the SSA system opens a Session through whichany of the ACR's actions can be executed.

User Partition(s)

The SSA system manages one or more public partitions, also referred toas the user partition(s). This partition exists on the storage deviceand is a partition or partitions that can be accessed through thestandard read write commands of the storage device. Getting informationregarding the size of the partition(s) as well as its existence on thedevice preferably cannot be hidden from the host system.

The SSA system enables accessing this partition(s) either through thestandard read write commands or the SSA commands. Therefore, accessingthe partition preferably cannot be restricted to specific ACRs. The SSAsystem, however, can enable the host devices to restrict the access tothe user partition. Read and write accesses can be enabled/disabledindividually. All four combinations (e.g. write only, read only (writeprotect), read and write and no access) are allowed.

The SSA system enables ACRs to associate key IDs with files within theuser partition and encrypt individual files using keys associated withsuch key IDs. Accessing encrypted files within the user partitions aswell as setting the access rights to the partitions will be done usingthe SSA command set (refer to Appendix A for detailed description of theSSA commands—In the Appendix, key ID is referred to as “domain”).Theabove features also apply to data not organized into files.

SSA Partitions

These are hidden (from the host operating system or OS) partitions thatcan be accessed only through the SSA commands. The SSA system willpreferably not allow the host device to access an SSA partition, otherthan through a session (described below) established by logging onto anACR. Similarly, preferably the SSA will not provide informationregarding the existence, size and access permission of an SSA partition,unless this request is coming through an established session.

Access rights to partitions are derived from the ACR permissions. Oncean ACR is logged into the SSA system, it can share the partition withother ACRs (described below). When a partition is created, the hostprovides a reference name or ID (e.g. P0-P3 in FIGS. 3 and 4) for thepartition. This reference is used in further read and write commands tothe partition.

Partitioning of the Storage Device

All available storage capacity of the device is preferably allocated tothe user partition and the currently configured SSA partitions.Therefore, any repartition operation may involve reconfiguration of theexisting partitions. The net change to the device capacity (sum of sizesof all partitions) will be zero. The IDs of the partitions in the devicememory space are defined by the host system.

The host system can either repartition one of the existing partitionsinto two smaller ones or, merge two existing partitions (which may ormay not be adjacent) into one. The data in the divided or mergedpartitions can be either erased or left untouched, at the host'sdiscretion.

Since repartitioning of the storage device may cause loss of data(either because it was erased or moved around in the logical addressspace of the storage device) severe restrictions on repartitioning areadministered by the SSA system. Only an ACR residing in a root AGP(explained below) is allowed to issue a repartition command and it canonly reference partitions owned by it. Since the SSA system is not awareof how data is organized in the partitions (FAT or other file systemstructure) it is the host's responsibility to reconstruct thesestructures any time the device is repartitioned.

Repartitioning of the user partition will change the size and otherattributes of this partition as seen by the host OS.

After repartitioning, it is the host system's responsibility to makesure any ACR in the SSA system is not referencing the non-existingpartitions. If these ACRs are not deleted or updated appropriately,future attempts, on behalf of these ACRs, to access the non-existingpartitions will be detected and rejected by the system. Similar care istaken, regarding deleted keys and key IDs.

Keys, Key IDs and Logical Protection

When a file is written to a certain hidden partition, it is hidden fromthe general public. But, once an entity (hostile or not) gets knowledgeand access to this partition the file becomes available and plain tosee. To further secure the file, the SSA can encrypt it in the hiddenpartition, where the credentials for accessing the key for decryptingthe file are preferably different from those for accessing thepartition. Due to the fact that files are not something that the SSA isaware of (totally controlled and managed by the host), associating a CEKwith a file is a problem. Linking the file to something the SSAacknowledges—the key ID, rectifies this. Thus, when a key is created bythe SSA, the host associates the key ID for this key with the dataencrypted using the key created by the SSA.

The key value and key ID provide logical security. All data associatedwith a given key ID, regardless of its location, is ciphered with thesame content encryption key (CEK) whose reference name or key ID isuniquely provided at creation by the host application. If an entityobtains access to a hidden partition (by authenticating through an ACR)and wishes to either read or write an encrypted file within thispartition, it needs to have access to the key ID that is associated withthe file. When granting access to the key for this key ID, the SSA loadsthe key value in CEK associated with this key ID and either decrypts thedata before sending it to the host or encrypts the data before writingit to the flash memory 20. A key value in CEK associated with a key IDis randomly created once by the SSA system and maintained by it. No oneoutside the SSA system has knowledge or access to this key value in CEK.The outside world only provides and uses a reference or key ID, not thekey value in CEK. The key value is entirely managed and only accessibleby the SSA

The SSA system protects the data associated with the key ID using anyone (user defined) of the following cipher modes (the actualcryptographic algorithms used, as well as the key values in CEKs, aresystem controlled and not revealed to the outside world):

Block mode—Data is divided into blocks, each one of them, encryptedindividually. This mode is generally considered less secure andsusceptive to dictionary attacks, However, it will allow users torandomly access any one of the data blocks.

Chained mode—Data is divided into blocks, which are chained during theencryption process. Every block is used as one of the inputs to theencryption process of the next one. This mode, although considered asmore secure, requires that the data is always written and readsequentially from start to end, creating an overhead not alwaysacceptable to the users.

Hashed—Chain mode with the additional creation of a data digest that canbe used for validating data integrity.

ACRs and Access Control

The SSA is designed to handle multiple applications where each one ofthem is represented as a tree of nodes in the system database. Mutualexclusion between the applications is achieved by ensuring no cross talkbetween the tree branches.

In order to gain access to the SSA system, an entity needs to establisha connection via one of the system's ACRs. Login procedures areadministered by the SSA system according to the definitions embedded inthe ACR the user chose to connect with.

The ACR is an individual login point to the SSA system. The ACR holdsthe login credentials and the authentication method. Also residing inthe record are the login permissions within the SSA system, among whichare the read and write privileges. This is illustrated in FIG. 5, whichillustrates n ACRs in the same AGP. This means that at least some of then ACRs may share access to the same key. Thus, ACR #1 and ACR #n shareaccess to a key with key ID “key 3”, where ACR#1 and ACR#n are the ACRIDs, and “key 3” is a key ID for the key that is used to encrypt dataassociated with “key 3”. The same key can also be used to encrypt and/ordecrypt multiple files, or multiple sets of data.

The SSA system supports several types of login onto the system whereauthentication algorithms and user credentials may vary, as may theuser's privileges in the system once he logged in successfully. FIG. 5again illustrates different login algorithms and credentials. ACR#1requires a password login algorithm and password as credential whereasACR#2 requires a PKI (public key infrastructure) login algorithm andpublic key as credential. Thus, to login, an entity will need to presenta valid ACR ID, as well as the correct login algorithm and credential.

Once an entity is logged into an ACR of the SSA system, itspermissions—its rights to use SSA commands—are defined in thePermissions Control Record (PCR) which is associated with the ACR. InFIG. 5, ACR#1 grants read only permission to data associated with “key3”, and ACR #2 grants permission to read and write data associated with“key 5” according to the PCR shown.

Different ACRs may share common interests and privileges in the systemsuch as in keys with which to read and write. To accomplish that, ACRswith something in common are grouped in AGPs-ACR. Groups. Thus, ACR #1and ACR #n share access to a key with key ID “key 3”.

AGPs and, the ACRs within, are organized in hierarchical trees and soaside from creating secure keys that keep sensitive data secure; an ACRcan preferably also create other ACR entries that correspond to his keyID/partitions. These ACR children will have the same or less permissionsas their father—creator and, may be given permissions for keys thefather ACR himself created. Needless to add, the children ACRs getaccess permissions to any key that they create. This is illustrated inFIG. 6. Thus, all of the ACRs in AGP 120 were created by ACR 122 and twoof such ACRs inherit from ACR 122 permission(s) to access to dataassociated with “key 3”.

AGP

Logging onto the SSA system is done by specifying an AGP and an ACRwithin the AGP.

Every AGP has a unique ID (reference name), which is used as an index toits entry in the SSA database. The AGP name is provided to the SSAsystem, when the AGP is created. If the provided AGP name already existsin the system, the SSA will reject the creation operation.

AGPs are used to administer restrictions on delegation of access andmanagement permissions as will be described in the following sections.One of the functions served by the two trees in FIG. 6 is to administerthe access by entirely separate entities, such as two differentapplications, or two different computer users. For such purposes, it maybe important for the two access processes to be substantiallyindependent of one another (i.e. substantially no cross-talk), eventhough both occur at the same time. This means that the authentication,permissions as well as the creation of additional ACRs and AGPs in eachtree are not connected to and do not depend on those of the other tree.Hence, when the SSA system is used in memory 10, this allows the memorysystem 10 to serve multiple applications simultaneously. It also allowsthe two applications to access two separate sets of data independentlyof one another (e.g. a set of photographs and a set of songs). This isillustrated in FIG. 6. Thus, the data associated with “keys 3”, “key X”and “key Z” for the application or user accessing via nodes (ACRs) inthe tree in the top portion of FIG. 6 may comprise photographs. The dataassociated with “key 5” and “key Y” for the application or useraccessing via nodes (ACRs) of the tree in the bottom portion of FIG. 6may comprise songs. The ACR that created the AGP has the permission todelete it only when the AGP is empty of ACR entries

The Entity's SSA Entry Point: Access Control Record (ACR)

An ACR in the SSA system describes the way the entity is permitted tolog into the system. When an entity logs into the SSA system it needs tospecify the ACR that corresponds to the authentication process it isabout to perform. An ACR includes a Permissions Control Record (PCR)that illustrates the granted actions the user can execute onceauthenticated as defined in the ACR as illustrated in FIG. 5. The hostside entity provides all of the ACR data fields.

When an entity has successfully logged onto an ACR, the entity will beable to query on all of the ACR's partition and key access permissionsand ACAM permissions (explained below).

ACR ID

When an SSA system entity initiates the login process it needs tospecify the ACR ID (as provided by the host when the ACR was created)that corresponds to the login method so that the SSA will set up thecorrect algorithms and select the correct PCR when all loginrequirements have been met. The ACR ID is provided to the SSA systemwhen the ACR is created.

Login/Authentication Algorithm

The authentication algorithm specifies what sort of login procedure willbe used by the entity, and what kind of credentials are needed toprovide proof of user's identity. The SSA system supports severalstandard login algorithms, ranging from no procedure (and no credential)and password-based procedures to a two-way authentication protocolsbased on either symmetric or asymmetric cryptography.

Credentials

The entity's credentials correspond to the login algorithm and are usedby the SSA to verify and authenticate the user. An example forcredential can be a password/PIN-number for password authentication,AES-key for AES authentication, etc. The type/format of the credentials(i.e. the PIN, the symmetric key, etc . . . ) is predefined and derivedfrom the authentication mode; they are provided to the SSA system whenthe ACR is created. The SSA system has no part in defining, distributingand managing these credentials, with the exception of PKI basedauthentication where the device (e.g. flash card) can be used togenerate the RSA key pair and the public key can be exported forcertificate generation.

The Permissions Control Record (PCR)

The PCR shows what is granted to the entity after logging into the SSAsystem and passing the ACR's authentication process successfully. Thereare three types of permission categories: Creation permissions forpartition and keys, Access permissions to partitions and keys andmanagement permissions for Entity-ACR Attributes

Accessing Partitions

This section of the PCR contains the list of partitions (using their IDsas provided to the SSA system) the entity can access upon completing theACR phase successfully. For each partition the access type may berestricted to write-only or read-only or may specify full write/readaccess rights. Thus, the ACR#1 in FIG. 5 has access to partition #2 andnot partition #1. The restrictions specified in the PCR apply to the SSApartitions and the public partition.

The public partition can be accessed either by regular read and writecommands to the device (e.g. flash card) hosting the SSA system, or bySSA commands. When a root ACR (explained below) is created with thepermission to restrict the public partition, he can pass it on to hischildren. An ACR can preferably only restrict the regular read and writecommands from accessing the public partition. ACRs in the SSA system canbe restricted preferably only upon their creation. Once an ACR has thepermission to read/write from/to the public partition, preferably itcannot be taken away.

Accessing Key IDs

This section of the PCR contains the data associated with the list ofkey IDs (as provided to the SSA system by the host) the entity canaccess when the ACR policies have been met by the entity's loginprocess. The key ID specified is associated with a file/files thatreside in the partition appearing in the PCR. Since the key IDs are notassociated with logical addresses in the device (e.g. flash card), whenmore than one partition is associated with a specific ACR, the files canbe in either one of the partitions. The key IDs specified in the PCR canhave each, a different set of access rights. Accessing data pointed toby key IDs can be restricted to write-only or read-only or may specifyfull write/read access rights.

ACR Attributes Management (ACAM)

This section describes how in certain cases the ACR's system attributescan be changed.

The ACAM actions that may be permitted in the SSA system are:

Create/delete/update AGPs and ACR.

Create/delete Partitions and Keys.

Delegate access rights to keys and partitions.

A father ACR preferably cannot edit ACAM permissions. This wouldpreferably require the deletion and recreation of the ACR. Also theaccess permission to a key ID created by the ACR can preferably not betaken away.

Create/delete/update AGPs and ACR

An ACR may have the capacity to create other ACRs and AGPs. CreatingACRs also may mean delegating them some or all of the ACAM permissionspossessed by their creator. Having the permission to create ACRs meanshaving the permission for the following actions:

1. Define and edit the child's credentials—the authentication methodpreferably cannot be edited once set by the creating ACR. Thecredentials may be altered within the boundary of the authenticationalgorithm that is already defined for the child.

2. Delete an ACR.

3. Delegate the creating permission to the child ACR (thus havinggrandchildren).

An ACR with the permissions to create other ACRs has the permission todelegate the unblocking permission to ACRs it creates (although itprobably does not have the permission to unblock ACRs). The father ACRwill place in the child ACR a reference to his unblocker.

The father ACR is the only ACR that has the permission to delete hischild ACR. When an ACR deletes a lower level ACR that he created, thenall ACRs spawned by this lower-level ACR are automatically deleted aswell. When an ACR is deleted then all the key IDs and partitions that itcreated are deleted.

There are two exceptions by which an ACR can update its own record:

Passwords/PINs, although set by the creator ACR, can be updated only bythe ACR that includes them.

A root ACR may delete itself and the AGP that it resides in.

Delegate Access Rights to Keys and Partitions

ACRs and their AGPs are assembled in hierarchical trees where the rootAGP and the ACRs within are at the top of the tree (e.g. root AGPs 130and 132 in FIG. 6). There can be several AGP trees in the SSA systemthough they are totally separated from one another. An ACR within an AGPcan delegate access permissions to its keys to all ACRs within the sameAGP that it is in, and to all the ACRs created by them. The permissionto create keys preferably includes the permission to delegate accesspermissions to use the keys.

Permissions to keys are divided into three categories:

1. Access—this defines the access permissions for the key i.e. Read,Write.

2. Ownership—an ACR that created a key is by definition its owner. Thisownership can be delegated from one ACR to another (provided that theyare in the same AGP or in a child AGP). An ownership of a key providesthe permission to delete it as well as delegate permissions to it.

3. Access Rights Delegation—this permission enables the ACR to delegatethe rights he holds.

An ACR can delegate access permissions to partitions he created as wellas other partitions he has access permissions to.

The permission delegation is done by adding the names of the partitionsand key IDs to the designated ACR's PCR. Delegating key accesspermissions may either be by the key ID or by stating that accesspermission is for all of the created keys of the delegating ACR.

Blocking and Unblocking of ACRs

An ACR may have a blocking counter which increments when the entity'sACR authentication process with the system is unsuccessful. When acertain maximum number (MAX) of unsuccessful authentications is reached,the ACR will be blocked by the SSA system.

The blocked ACR can be unblocked by another ACR, referenced by theblocked ACR. The reference to the unblocking ACR is set by its creator.The unblocking ACR preferably is in the same AGP as the creator of theblocked ACR and has the “unblocking” permission.

No other ACR in the system can unblock the blocked ACR. An ACR may beconfigured with a blocking counter but without an unblocker ACR. In thiscase, if this ACR get blocked it cannot be unblocked.

Root AGP—Creating an Application Database

The SSA system is designed to handle multiple applications and isolatethe data of each one of them. The tree structure of the AGP system isthe main tool used to identify and isolate application specific data.The root AGP is at the tip of an application SSA database tree andadheres to somewhat different behavior rules. Several root AGPs can beconfigured in the SSA system. Two root AGPs 130 and 132 are shown inFIG. 6. Obviously fewer or more AGPs may be used and are within thescope of this invention.

Registering the device (e.g. flash card) for a new application and/orissue credentials of a new applications for the device are done throughthe process of adding new AGP/ACR tree to the device.

The SSA system supports three different modes of root AGP creation (aswell as all of the ACRs of the root AGP and their permissions):

1. Open: Any user or entity without requiring any sort ofauthentication, or users/entities authenticated through the system ACR(explained below), can create a new root AGP. The open mode enablescreation of root AGPs either without any security measures while alldata transfer is done on an open channel (i.e. in the secure environmentof an issuance agency) or, through a secure channel established throughthe system ACR authentication (i.e. Over The Air (OTA) and post issuanceprocedures).

If the system ACR is not configured (this is an optional feature) andthe root AGP creation mode is set to Open, only the open channel optionis available.

2. Controlled: Only entities authenticated through the System ACR cancreate a new root AGP. The SSA system cannot be set to this mode ifsystem ACR is not configured.

3. Locked: Creation of root AGPs is disabled and no additional root AGPscan be added to the system

Two SSA commands control this feature (these commands are available toany user/entity without authentication):

1. Method configuration command—Used to configure the SSA system to useany one of the three root AGP creation modes. Only the following modechanges are allowed: Open→Controlled, Controlled→Locked (i.e. if the SSAsystem is currently configured as Controlled, it can only be changed tolocked).

2. Method configuration lock command—Used to disable the methodconfiguration command and permanently lock the currently selectedmethod.

When a root AGP is created, it is in a special initializing mode thatenables the creation and configuration of its ACRs (using the sameaccess restrictions that applied to the creation of the root AGP). Atthe end of the root AGP configuration process, when the entityexplicitly switches it to operating mode, the existing ACRs can nolonger be updated and additional ACRs can no longer be created

Once a root AGP is put in standard mode it can be deleted only bylogging into the system through one of its ACRs that is assigned withthe permission to delete the root AGP. This is another exception of rootAGP, in addition to the special initialization mode; it is preferablythe only AGP that may contain an ACR with the permission to delete itsown AGP, as opposed to AGPs in the next tree level.

The third and last difference between a root ACR and a standard ACR isthat it is the only ACR in the system that can have the permission tocreate and delete partitions.

SSA System ACR

The system ACR may be used for the following two SSA operations:

1. Create an ACR/AGP tree under the protection of a secured channelwithin hostile environments.

2. Identify and authenticate the device hosting the SSA system.

There may preferably be only one System ACR in the SSA and once definedit preferably cannot be changed. There is no need for systemauthentication when creating the System ACR; only a SSA command isneeded. The create-system-ACR feature can be disabled (similarly to thecreate-root-AGP feature). After the system ACR is created, thecreate-system-ACR command has no effect, since preferably only oneSystem ACR is allowed.

While in the process of creating, the System ACR is not operational.Upon finishing, a special command needs to be issued indicating that theSystem ACR is created and ready to go. After this point the System ACRpreferably cannot be updated or replaced.

The System ACR creates the root ACR/AGP in the SSA. It has permission toadd/change the root level until such time that the host is satisfiedwith it and blocks it. Blocking the root AGP essentially cuts off itsconnection to the system ACR and renders it temper proof. At this pointno one can change/edit the root AGP and the ACRs within. This is donethrough an SSA command. Disabling creation of root AGPs has a permanenteffect and cannot be reversed. The above features involving the systemACR are illustrated in FIG. 7. The system ACR is used to create threedifferent root AGPs. At a certain time after these are created, the SSAcommand is sent from the host to block the root AGPs from the systemACR, thereby disabling the create-root-AGP feature, as indicated by thedotted lines connecting the System ACR to the root AGPs in FIG. 7. Thisrenders the three root AGPs temper proof. The three root AGPs may beused to create children AGPs to form three separate trees, before orafter the root AGPs are blocked.

The above described features provides great flexibility to the contentowner in configuring secure products with content. Secure products needto be “Issued”. Issuance is the process of putting identification keysby which the device can identify the host and vice versa. Identifyingthe device (e.g. flash card) enables the host to decide whether it cantrust its secrets with it. On the other hand, identifying the hostenables the device to enforce security policies (grant and execute aspecific host command) only if the host is allowed to.

Products that are designed to serve multiple applications will haveseveral identification keys. The product can be “pre-issued”—keys storedduring manufacturing before shipping, or “post issued”—new keys areadded after shipping. For post issuance, the memory device (e.g. memorycard) needs to contain some kind of master or device level keys whichare being used to identify entities which are allowed to addapplications to the device.

The above described features enables a product to be configured toenable/disable post issuance. In addition, the post issuanceconfiguration can be securely done after shipping. The device may bebought as a retail product with no keys on it in addition to the masteror device level keys described above, and then be configured by the newowner to either enable further post issuance applications or disablethem.

Thus, the system ACR feature provides the capability to accomplish theabove objectives:

Memory devices with no system ACR will allow unlimited and uncontrolledaddition of applications.

Memory devices without system ACR can be configured to disable thesystem ACR creation, which means there is no way to control adding ofnew applications (unless the feature of creating new root AGP isdisabled as well)

Memory devices with system ACR will allow only controlled addition ofapplications via a secure channel to establish through an authenticationprocedure using the system ACR credential.

Memory devices with system ACR may be configured to disable theapplication adding feature, before or after applications have beenadded.

Key ID List

Key IDs are created per specific ACR request; however, in the memorysystem 10, they are used solely by the SSA system. When a key ID iscreated the following data is provided by or to the creating ACR:

1. Key ID. The ID is provided by the entity through the host and is usedto reference the key and data that is encrypted or decrypted using thekey in all further read or write accesses.

2. Key Cipher and data integrity Mode (the Blocked, Chained and HashedModes above and as explained below)

In addition to the host provided attributes, the following data ismaintained by the SSA system:

1. Key ID Owner. The ID of the ACR that is the owner. When a key ID iscreated the creator ACR is its owner. Key ID ownership may, however, betransferred to another ACR. Preferably only the key ID owner is allowedto transfer ownership of, and delegate, a key ID. Delegating accesspermission to the associated key, and revoking these rights can beadministered either by the key ID owner or any other ACR assigned withdelegation permissions. Whenever an attempt is made to exercise any oneof these operations, the SSA system will grant it only if the requestingACR is authorized.

2. CEK. This is the CEK used to cipher the content associated with orpointed to by the key ID. The CEK may be a 128 bit AES random keygenerated by the SSA system.

3. MAC and IV values. Dynamic information (message authentication codesand initiation vectors) used in the Chained Block Cipher (CBC)encryption algorithms.

The various features of the SSA are also illustrated in reference to theflow charts in FIGS. 8A-16, where ‘H’ to the left of a step means theoperation is performed by the host, and ‘C’ means the operation isperformed by the card. In order to create a System ACR, the host issuesto the SSA in the memory device 10 a command to create System ACR (block202). The device 10 responds by checking whether a System ACR alreadyexists (block 204, diamond 206). If it already exists, then device 10returns failure and stops (oblong 208). If it does not, then memory 10checks to see if System ACR creation is allowed (diamond 210), andreturns a failure status if not allowed (block 212). Thus, there may beinstances where the device issuer does not allow the creation of aSystem ACR, such as in the case where the security features needed havebeen predetermined so that no System ACR is needed. If this is allowed,the device 10 returns OK status and waits for System ACR credentialsfrom the host (block 214). The host checks the SSA status and whetherthe device 10 has indicated that the creation of a System ACR is allowed(block 216 and diamond 218). If creation is not allowed or if a systemACR already exists, the host stops (oblong 220). If the device 10 hasindicated that the creation of a System ACR is allowed, the host issuesa SSA command to define its login credential and sends it to the device10 (block 222). The device 10 updates a System ACR record with thecredential received and returns OK status (block 224). In response tothis status signal, the host issues SSA command indicating the systemACR is ready (block 226). The device 10 responds by locking the SystemACR so that it cannot be updated or replaced (block 228). This locks inthe features of the system ACR and its identity for identifying thedevice 10 to the host.

The procedure for creating new trees (New Root AGPs and ACR) isdetermined by the way these functions are configured in the device. FIG.9 explains the procedures. Both the host 24 and the memory system 10follow it. If adding new root AGP is disabled altogether, new root AGPscannot be added (diamond 246). If it is enabled but requires a systemACR, the host authenticates through the system ACR and establishes asecure channel (diamond 250, block 252) prior to issuing the CreateRoot_AGP command (block 254). If system ACR is not required (diamond248) the host 24 can issue the create root AGP command withoutauthentication and proceed to block 254. If system ACR does exist, thehost may use it even if it is not required (not shown in the flowchart). The device (e.g. flash card) will reject any attempt to create anew root AGP if the function is disabled and it will reject an attemptto create a new root AGP without authentication, if system ACR isrequired (diamonds 246 and 250). The newly created AGP and ACR in block254, are now switched to Operational Mode so that the ACRs in such AGPscannot be updated or otherwise changed, and no ACRs can be added to them(block 256). The system is then, optionally locked so that additionalroot AGPs cannot be created (block 258). The dotted line box 258 is aconvention indicating that this step is an optional step. All the boxesin the flow charts of the figures of this application in dotted linesare optional steps. This allows the content owner to block the use ofdevice 10 for other illicit purposes that may imitate a genuine memorydevice with legitimate content.

To create ACRs (other than the ACRs in the root AGP as described above),one may start with any ACR that has the right to create an ACR (block270) as shown in FIG. 10. An entity may attempt to enter through thehost 24 by providing the entry point ACR identity, and the ACR with allthe necessary attributes that it wishes to create (block 272). The SSAchecks for a match to the ACR identity and whether the ACR with suchidentity has the permission to create an ACR (diamond 274). If therequest is verified to be authorized, the SSA in device 10 creates anACR (block 276).

FIG. 11 shows two AGPs that illustrate a tree useful in securityapplications using the method of FIG. 10. Thus, the ACR with identity m1in the marketing AGP has the permission to create an ACR. The ACR m1also has the permission to use a key for reading and writing dataassociated with the key ID “Marketing Information” and data associatedwith the key ID “Price List”. Using the method of FIG. 10, it createsthe Sales AGP with two ACRs: s1 and s2 with only read permission to thekey for accessing pricing data associated with the key ID “Price List”,but not to the key necessary for accessing data associated with the keyID “Marketing Information”. In this manner, the entities with the ACRss1 and s2 can only read but not change the pricing data, and will haveno access to marketing data. The ACR m2, on the other hand, has nopermission to create ACRs, and has only read permission to the keys foraccessing data associated with the key ID “Price List” and with the keyID “Marketing Information”.

Thus, access rights may be delegated in the manner explained above wherem1 delegates rights to read pricing data to s1 and s2. This isparticularly useful where large marketing and sales groups are involved.Where there are but one or a few sales people, there may be no need touse the method of FIG. 10. Instead, the access rights may be delegated,by an ACR to one at a lower or the same level within the same AGP, asillustrated in FIG. 12. First, the entity enters the tree for such AGPby specifying an ACR in the manner described above in the tree throughthe host (block 280). Next the host will specify the ACR and the rightsto delegate to. The SSA checks the tree(s) for such ACR and whether theACR has the permission to delegate rights to the specified another ACR(diamond 282). If it does, the rights are delegated (block 284); if notit stops. The result is illustrated in FIG. 13. The ACR m1 in this casehas the permission to delegate read permission to the ACR s1, so that s1will be able to use a key to access pricing data after the delegation.This may be performed if m1 has the same or greater rights to accesspricing data and the permission to so delegate. In one embodiment, m1retains its access rights after the delegation. Preferably access rightsmay be delegated under restricted conditions (rather then permanently)such as for a limited time, limited number of accesses, etc. . . .

The process for creating a key and key ID is illustrated in FIG. 14. Theentity authenticates through an ACR (block 302). The entity requests thecreation of a key with an ID specified by the host (block 304). The SSAchecks and see if the ACR specified has the permission to do so (diamond306). For example, if the key is to be used for accessing data in aparticular partition, the SSA will check and see if the ACR may accesssuch partition. If the ACR is authorized, then the memory device 10creates a key value associated with the key ID provided by the host(block 308), ands stores the key ID in the ACR, and the key value in itsmemory (either in the controller-associated memory or memory 20) andassigns rights and permissions according to information supplied by theentity (block 310) and modifies the PCR of such ACR with such assignedrights and permissions (block 312). Thus, the creator of the key has allavailable rights, such as read and write permissions, right to delegateand share with other ACRs in the same AGP or an ACR at a lower level,and the right to transfer ownership of the key.

An ACR can change the permissions (or the existence altogether) ofanother ACR in the SSA system as illustrated in FIG. 15. An entity mayenter a tree through an ACR as before; in one case the entity isauthenticated and then it specifies an ACR (blocks 330, 332). Itrequests the deletion of a target ACR or the permission in a target ACR(block 334). If the ACR specified or the one active at such time has theright to do so (diamond 336), the target ACR is deleted, or the PCR ofthe target ACR is altered to delete such permission (block 338). If thisis not authorized the system stops.

After the above described process, the target will no longer be able toaccess the data it was able to prior to the process. As shown in FIG.16, an entity may attempt to enter at the target ACR (block 350) andfinds that the authentication process fails, since the previouslyexisting ACR ID is no longer present in the SSA, so that access rightsare denied (diamond 352). Assuming that the ACR ID has not been deleted,the entity specifies an ACR (block 354) and the key ID and/or data in aparticular partition (block 356), and the SSA then checks to see the keyID or partition access request is permitted according to the PCR of suchACR (diamond 358). If the permission has been deleted or has expired,then the request is again denied. Otherwise, the request is granted(block 360).

The above process describes how access to protected data is managed bythe device (e.g. flash card), regardless of whether the ACR and its PCRwere just changed by another ACR or were so configured to begin with.

Sessions

SSA system is designed to handle multiple users, logged in concurrently.This feature requires that every command received by the SSA isassociated with a specific entity and executed only if the ACR, used toauthenticate this entity, has the permissions for the requested action.

Multiple entities are supported through the session concept. A sessionis established during the authentication process and assigned asession-id by the SSA system. The session-id is internally associatedwith the ACR used for logging into the system and is exported to theentity to be used in all further SSA commands.

The SSA system supports two types of sessions: Open, and Securesessions. The session type associated with a specific authenticationprocess is defined in the ACR. The SSA system will enforce sessionestablishment in a way similar to the way it enforces the authenticationitself. Since the ACR defines the entity permissions, this mechanismenables system designers to associate secure tunneling either withaccessing specific key IDs or invoking specific ACR managementoperations (i.e. creating new ACRs and setting credentials)

Open Session

Open session is a session identified with a session-id but without busencryption, all commands and data are passed in the clear. This mode ofoperation is preferably used in a multi-user or multi-entity environmentwhere the entities are not part of the threat model, nor iseavesdropping on the bus.

Although not protecting the transmission of the data nor enablingefficient fire-walling between the applications on the host side, theOpen session mode enables the SSA system to allow access only to theinformation allowed for the currently authenticated ACRs.

The Open session can also be used for cases where a partition or a keyneeds to be protected. However, after a valid authentication process,access is granted to all entities on the host. The only thing thevarious host applications need to share, in order to get the permissionsof the authenticated ACR is the session-id. This is illustrated in FIG.17A. The steps above the line 400 are those taken by the host 24. Afteran entity is authenticated (block 402) for ACR1, it requests access to afile associated with a key ID X in the memory device 10 (blocks 404, 406and 408). If the PCR of the ACR 1 allows such access, device 10 grantsthe request (diamond 410). If not, the system returns to block 402.After authentication is completed, the memory system 10 identifies theentity issuing a command only by the assigned session id (and not theACR credentials). Once the ACR 1 gains access to the data associatedwith the key IDs in its PCR, in an open session, any other applicationor user can access the same data by specifying the correct session IDwhich is shared between the different applications on the host 24. Thisfeature is advantageous in applications where it is more convenient tothe user to be able to log in only once, and be able to access all thedata tied to the account through which the log in is performed fordifferent applications. Thus, a cellular phone user may be able toaccess stored emails, and listen to stored music in memory 20 withouthaving to log in multiple times. On the other hand, data not encompassedby the ACR1 will not be accessible. Thus, the same cellular phone usermay have valuable content such as games and photographs accessiblethrough a separate account ACR2. This is data that he does not wishothers who borrow his phone to access, even though he may not mindothers accessing data available through his first account ACR1.Separating access to the data into two separate accounts while allowingaccess to ACR1 in open session provides ease of use as well as affordingprotection of valuable data.

To even further ease the process of sharing the session-id amongst thehost applications, when an ACR is requesting an Open session it canspecifically request that the session will be assigned the “0 (zero)”id. This way, applications can be designed to use a pre-definedsession-id. The only restriction is, for obvious reasons, that only oneACR, requesting session 0, can be authenticated at a specific time. Anattempt to authenticate another ACR requesting session 0, will berejected.

Secure Session

To add a layer of security, the session id may be used as shown in FIG.17B. The memory 10 then also stores the session ids of the activesessions. In FIG. 17B, for example, in order to be able to access a fileassociated with key ID X, the entity will need to also provide a sessionid, such as session id “A” before it is allowed to access the file(blocks 404, 406, 412 and 414). In this manner, unless the requestingentity is aware of the correct session id, it cannot access the memory10. Since the session id is deleted after the session is over and willbe different for each session, an entity can gain access only when ithas been able to provide the session number.

The SSA system has no way to make sure that a command is really comingfrom the correct authenticated entity, other than by using the sessionnumber. For applications and use cases where there is a threat thatattackers will try to use an open channel to send malicious commands,the host application uses a secure session (a secure channel).

When using a secure channel, the session-id, as well as the entirecommand, is encrypted with the secure channel encryption (session) keyand the security level is as high as the host side implementation.

Terminating a Session

A session is terminated and, the ACR is logged off, in any one of thefollowing scenarios:

1. The entity issues an explicit end-session command.

2. Time out on communication. A specific entity issued no command for atime period defined as one of the ACR parameters.

3. All open sessions are terminated after device (e.g. flash card) resetand/or power cycle.

Data Integrity Services

The SSA system verifies the integrity of the SSA database (whichcontains all the ACRs, PCRs, etc . . . ). In addition data integrityservices are offered for entity data through the key ID mechanism.

If a key ID is configured with Hashed as its encryption algorithms thehash values are stored along side with the CEK and IV in the CEK record.Hash values are calculated and stored during write operation. Hashvalues are again calculated during read operations and compared with thevalues stored during the previous write operations. Every time theentity is accessing the key ID the additional data is concatenated(cryptographically) to the old data and the appropriate Hash value (forread or for write) updated.

Since only the host knows the data files associated with or pointed toby a key ID, the host explicitly manages several aspects of the dataintegrity function in the following manner:

1. A data file associated with or pointed to by a key ID is written orread from the beginning to end. Any attempt to access portions of thefile will mess it up since the SSA system is using a CBC encryptionmethod and generates a hashed message digest of the entire data

2. There is no need to process the data in a contiguous stream (the datastream can be interleaved with data streams of other key Ids and may besplit over multiple sessions) since intermediate Hash values aremaintained by the SSA system. However, the entity will need toexplicitly instruct the SSA system to reset the Hash values if the datastream is restarted.

3. When a read operation is completed, the host must explicitly requestthe SSA system to validate the read Hash by comparing it with the Hashvalue calculated during the write operation.

4. The SSA system provides a “dummy read” operation as well. Thisfeature will stream the data through the encryption engines but will notsend it out to the host. This feature can be used to verify dataintegrity before it is actually read out of the device (e.g. flashcard).

Random Number Generation

The SSA system will enable external entities to make use of the internalrandom number generator and request random numbers to be used outside ofthe SSA system. This service is available to any host and does notrequire authentication.

RSA Key Pair Generation

The SSA system will enable external users to make use of the internalRSA key pair generation feature and request an RSA key pair to be usedoutside of the SSA system. This service is available to any host anddoes not require authentication.

Alternative Embodiment

Instead of using a hierarchical approach, similar results can beachieved using a data base approach, as illustrated in FIG. 18.

As shown in FIG. 18, a list of credentials for entities, authenticationmethods, the maximum number of failed attempts, and the minimum numberof credentials needed to unblock may be entered into a database storedin controller 12 or memory 20, which relates such credentialrequirements to the policies (read, write access to keys and partitions,secure channel requirement) in the database carried out by thecontroller 12 of memory 10. Also stored in the database are constraintsand limitations to the access to keys and partitions. Thus, someentities (e.g. system administrator) may be on a white list, which meansthat these entities can always access all keys and partitions. Otherentities may be on a black list, and their attempts to access anyinformation will be blocked. The limitation can be global, or key and/orpartition specific. This means that only certain entities can alwaysaccess certain specific keys and partitions, and certain entities alwayscannot do so. Constraints can also be put on the content itself,irrespective of the partition it is in or the key used to encrypt ordecrypt it. Thus, certain data (e.g. songs) may have the attribute thatthey can only be accessed by the first five host devices that accessthem, or that other data (e.g. movies) can only be read for a limitednumber of times, irrespective of which entities had access.

Authentication

Password Protection

Password-protect means that a password needs to be presented to accessthe protected area. Unless it cannot be more than one password thenpasswords could be associated with different rights such as read accessor read/write access.

Password protect means that the device (e.g. flash card) is able toverify a password provided by the host i.e. the device also has thepassword stored in device managed secured memory area.

Issues and Limitations

Passwords are subject to replay attack. Because the password does notchange after each presentation it can be identically resent. It meansthat password as is must not be use if the data to be protected arevaluable, and the communication bus is easily accessible.

Password could protect access to stored data but should NOT be used toprotect data (not a key)

To increase the security level associated with passwords, they can bediversified using a master key, with the result that hacking one doesnot crack entire system. A session key based secure communicationchannel can be use to send the password.

FIG. 19 is a flow chart illustrating authentication using a password.The entity sends in an account id and password to system 10 (e.g. flashmemory card). The system checks to see if the password matches that inits memory. If it matches, authenticated status is returned. Otherwise,the error counter is incremented for that account, and the entity isasked to re-enter an account id and password. If the counter overflows,the system return status that access is denied.

Challenge Response

FIG. 20 is a Flow Chart illustrating authentication using achallenge/response type method. The entity sends in an account id andrequests a challenge from system 10. System 10 generates a random numberand presents it to the host. The host computes a response from thenumber and sends it to the system 10. System 10 compares the response tothe value stored. The remaining steps are similar to those in FIG. 19for determining whether to grant access.

FIG. 21 is a Flow Chart illustrating authentication using anotherchallenge/response type method. FIG. 21 differs from that in FIG. 20 inthat, in addition to requiring the host to be authenticated by thesystem 10, it also requires the system 10 to be authenticated by achallenge/response where system 10 also requests a challenge from thehost and returns a response to be checked by the host.

FIG. 22 is a Flow Chart illustrating authentication using anotherchallenge/response type method. In this case, only the system 10 needsto be authenticated, where the host sends a challenge to system 10,which computes a response that is checked by the host for a match withits record of system 10.

Symmetric Key

Symmetric key algorithm means that the SAME key is used on both sides toencrypt and decrypt. It means that the key must have been pre-agreedprior to communicating. Also each side should implement the reversealgorithm of each other i.e. encrypt algorithm on one side and decrypton the other. Both sides do not need to implement both algorithms tocommunicate.

Authentication

Symmetric key authentication means that device (e.g. flash card) andhost share the same key and have the same cryptographic algorithm(direct and reverse e.g. DES and DES-1).

Symmetric key authentication means challenge-response (protect againstreplay attack). The protected device generates a challenge for the otherdevice and both compute the response. The authenticating device sendsback the response and the protected device check the response andvalidate authentication accordingly. Then rights associated withauthentication can be granted.

Authentication could be:

External: the device (e.g. flash card) authenticates the outside worldi.e. the device validates credentials of a given host or application

Mutual: a challenge is generated on both sides

Internal: the host application authenticates the device (e.g. flashcard) i.e. host checks if device is genuine for its application.

To increase the security level of the entire system (i.e. breaking onedoes not break all)

Symmetric key are usually combined with diversification using a masterkey

Mutual authentication uses challenge from both side to ensure challengeis a real challenge

Encryption

Symmetric key cryptography is also used for encryption because it is avery efficient algorithm i.e. it does not need a powerful CPU to handlecryptography.

When used to secure a communication channel:

Both devices have to know the session key used to secure the channel(i.e. encrypt all outgoing data and decrypt all incoming data). Thissession key is usually established using a pre-shared secret symmetrickey or using PKI.

Both devices have to know and implement the same cryptographicalgorithms Signature

Symmetric key can also be used to sign data. In that case the signatureis a partial result of the encryption. Keeping the result partial allowsto sign as many time as needed without exposing the key value.

Issues and Limitations

Symmetric algorithms are very efficient and secure but they are based ona pre-shared secret. The issue is securely share this secret in adynamic manner and possibly to have it random (like a session key). Theidea is that a shared secret is hard to keep safe in a long term and isalmost impossible to share with multiple people.

To facilitate this operation, public key algorithm has-been invented asit allows the exchange of secrets without sharing them.

Public Key Cryptography

Asymmetric key algorithm is commonly referred Public Key cryptograph. Itis a quite complex and usually CPU intensive mathematicalimplementation. It has been invented to solve the issues of keydistribution associated with symmetric key algorithms. It also providessigning capabilities used to ensure data integrity.

Asymmetric key algorithm uses a key which has private and publicelements respectively referred as private key and public key. Bothprivate key and public key are mathematically linked together. Thepublic key can be shared whereas the private has to remain secret. Asfor the keys, asymmetric algorithm uses two mathematical functions (onefor the private key and one for the public key) to provide wrap andunwrap or sign and verify.

Key Exchange and Key Distribution

Key exchange becomes very simple using PK algorithm. The device sendsits public key to the other device. The other device wraps its secretkey with the public key and returns the encrypted data to the firstdevice. The first device uses its private key to unwrap the data andretrieve the secret key which is now known to both sides and can be usedto exchange data. Because the symmetric key can be exchanged that easilyit is usually a random key.

Signature

Because of its nature public key algorithm is usually used only to signsmall amount of data. To ensure data integrity it is then combine with ahash function that provides a one-way foot print of the message.

The Private key is used to sign the data. The public key (freelyavailable) allows to verify the signature.

Authentication

Authentication usually uses signature: a challenge is signed andreturned for validation

The public part of the key is used for verification. Because anyone cangenerate a key pair, there is a need to certify the owner of the publickey in order to prove that this is the right person using the correctkey. Certification authority provides certification and will include thepublic key in a signed certificate. The certificate is signed by theauthority itself. Then using a public key to verify a signature meansthat the authority that issued the certificate containing that key istrusted and that one is able to verify that the certificate has not beenhacked i.e. that the certificate hash signed by the authority iscorrect; meaning that the user has and trusts the authority public keycertificate.

The most common way to provide PK authentication is to trust theauthority or root certificate and indirectly trust all key pairscertified by the given authority. Authenticating is then a matter ofproving that the private key that one has matches the certificate bysigning a challenge and providing the challenge response, and thecertificate. Then certificate is checked to make sure it has not beenhacked and it is signed by a trusted authority. Then the challengeresponse is verified. Authentication is successful if the certificate istrusted and the challenge response is correct.

Authentication in a device (e.g. flash card) means that the device isloaded with trusted root certificates and that the device is able toverify the challenge response as well as the certificate signed hash.

File Encryption

PK algorithm is not used to encrypt large amounts of data because it istoo CPU intensive, but is usually used to protect a randomizedencryption/decryption key generated to encrypt the content. For exampleSMIME (Secure email) generate a key which is then encrypted with allrecipients' public key.

Issues and Limitations

Because anything can generate a key pair, it has to be certified toensure its origin. During key exchange one may want to make sure thatthe secret key is provided to the right device i.e. the origin of theprovided public key will need to be checked. Certificate management thenbecomes part of the security as it can inform about the validity of thekey, and whether the key has been revoked.

While the invention has been described above by reference to variousembodiments, it will be understood that changes and modifications may bemade without departing from the scope of the invention, which is to bedefined only by the appended claims and their equivalent. All referencesreferred to herein are incorporated by reference.

1. A method for storing data in a memory system which comprises arewritable non-volatile memory, and a memory controller controllingaccess to said non-volatile memory; said method comprising: causing thecontroller to generate a key useful for encrypting and/or decryptingdata stored in the memory by the controller, said key beingsubstantially inaccessible to devices external to the system; andstoring in the memory a policy concerning different permissions grantedto authorized entities to use the key for encrypting and/or decryptingdata stored in the memory.
 2. The method of claim 1, further comprisingaccessing data in the memory in the form of files, wherein thecontroller is not aware of files.
 3. The method of claim 1, wherein thepolicy permits one or more entities in a set of entities to use the keyfor accessing the same data stored in the memory and prevents entitiesnot in the set to use the key for accessing data stored in the memory.4. The method of claim 3, wherein the policy permits a first set of oneor more entities to use the key to encrypt and/or decrypt data and towrite and read data from the memory and a second set of one or moreentities to use the key to only decrypt data in the memory and read thedecrypted data.
 5. The method of claim 3, wherein the policy permits aset of one or more entities to use the key to only encrypt data andwrite the encrypted data to the memory, to only decrypt data in thememory and read the decrypted data, or both.
 6. The method of claim 3,wherein the policy permits an entity to delete access rights to thememory of another entity or alter the policy to disallow access byanother entity to use the key, where said another entity was permittedsuch access prior to the alteration.
 7. The method of claim 3, whereinthe policy permits an entity to delegate access rights to the key toanother entity or alter the policy to permit such delegation.
 8. Themethod of claim 1, wherein the policy requires the establishment of asecure channel for at least one entity to access the memory, or to thekey.
 9. The method of claim 1, wherein the policy requires theestablishment of a secure channel for access to the memory, or to thekey.
 10. The method of claim 1, wherein the policy permits access to thememory, or to the key, only by a limited number of entities.
 11. Themethod of claim 1, wherein the policy permits access to the memory, orto the key, only by a limited number of entities irrespective of whetheran entity has been authenticated.
 12. The method of claim 1, wherein thepolicy does not require the establishment of a secure channel for atleast one entity to access the memory, or to the key
 13. A method forstoring data in a memory system which comprises a flash memory, and amemory controller controlling access to said non-volatile memory; saidmethod comprising: causing the controller to generate a key useful forencrypting and/or decrypting data stored in the memory by thecontroller; and storing in the memory a policy concerning differentpermissions granted to authorized entities to use the key for encryptingand/or decrypting data stored in the memory.
 14. A method for storingdata in a memory system which comprises a rewritable non-volatilememory, and a memory controller controlling access to said non-volatilememory; said method comprising: storing in the memory a key useful forencrypting and/or decrypting data stored in the memory by thecontroller; accessing data in the memory in the form of files, whereinthe controller is not aware of files; and storing in the memory a policyconcerning different permissions granted to authorized entities to usethe key for encrypting and/or decrypting data stored in the memory. 15.The method of claim 14, said key being substantially inaccessible tosystems external to the device.
 16. A secure storage method for use in astorage system comprising a non-volatile flash memory; and a controllercontrolling access to the memory; said method comprising: storing insaid memory or controller at least two records for controlling access tothe memory by at least two corresponding entities, each of said recordscontaining an authentication requirement for and permission(s) to accessencrypted and/or unencrypted data stored in the memory by thecorresponding entity of the at least two entities wherein theauthentication requirement(s) and the permission(s) in the records ofthe at least two corresponding entities are not entirely the same; andcontrolling access by at least two corresponding entities to data storedin said memory according to the at least two records.
 17. The method ofclaim 16, each of said records containing permission(s) to accesspartitions in the memory by the corresponding entity of the at least twoentities wherein the permission(s) in the records of the at least twocorresponding entities for accessing partitions are not entirely thesame.
 18. A secure storage method for providing or accepting data fileswhen requested by a host device, said system comprising a non-volatilememory storing a data file and a controller controlling access to thememory; said method comprising: providing to the system a key referenceassociated with said data file; causing said controller to generate acryptographic key and to associate said key with said key reference,said key useful for encrypting and/or decrypting said data file; andusing said key reference for communication between the host device andthe system for encrypting and/or decrypting said one of the plurality ofdata files.
 19. The method of claim 18, said key being substantiallyinaccessible to devices external to the storage system.